1593 matches found

CNNVD
added 2022/10/11 12:0 a.m. | 1 view

FlatPress Cross-Site Scripting Vulnerability

FlatPress is a PHP-based blog builder without database support from the FlatPress community. FlatPress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter on /Flatpress/admin.php...

CVSS 5.4 | AI score 5.4 | EPSS 0.24491
Exploits: 1 | References: 3

OSV
added 2022/08/29 12:15 a.m. | 1 view

CVE-2022-36572

Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/...

CVSS 9.8 | AI score 6.3 | EPSS 0.03121
Exploits: 1 | References: 1

Prion
added 2022/08/29 12:15 a.m. | 11 views

Remote code execution

Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/...

CVSS 7.5 | AI score 9.8 | EPSS 0.03121
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2022/08/23 1:15 p.m. | 1 view

CVE-2022-36261

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2 that allows an attacker to delete files on the server by requesting the URL admin.php?action=file&ctrl=del&path=/../../../test.txt...

CVSS 9.1 | AI score 7.5 | EPSS 0.00889
Exploits: 1 | References: 4

Cvelist
added 2022/08/23 12:46 p.m. | 10 views

CVE-2022-36261

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2 that allows an attacker to delete files on the server by requesting the URL admin.php?action=file&ctrl=del&path=/../../../test.txt...

AI score 9.3 | EPSS 0.00889
Exploits: 1 | References: 2

wpexploit
added 2022/07/31 12:0 a.m. | 152 views

Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. Create/edit a dashboard with an HTML widget...

CVSS 5.5 | AI score 5.1 | EPSS 0.00438
Exploits: 2

Prion
added 2022/06/27 10:15 p.m. | 11 views

SQL injection

A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument orderby/order with the input ASC%2cselectfromselectsleep2a leads to blind SQL injection. It is possible to...

CVSS 6.5 | AI score 8.8 | EPSS 0.00181
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/06/27 9:50 p.m. | 14 views

CVE-2017-20103 Kama Click Counter Plugin admin.php blind SQL injection

A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument orderby/order with the input ASC%2cselectfromselectsleep2a leads to blind SQL injection. It is possible to...

CVSS 6.3 | AI score 9 | EPSS 0.00181
Exploits: 1 | References: 2

CVE
added 2022/06/27 9:50 p.m. | 42 views

CVE-2017-20103

CVE-2017-20103 describes a blind SQL injection in the Kama Click Counter Plugin (up to version 3.4.8) affecting wp-admin/admin.php via the order_by/order parameter (ASC, (select sleep(2))). The vulnerability can be exploited remotely and the public exploit has been disclosed. Upgrading to version...

CVSS 8.8 | AI score 7.8 | EPSS 0.00181
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2022/06/02 2:15 p.m. | 10 views

CVE-2020-20971

Cross-Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index...

CVSS 8.8 | EPSS 0.00141
Exploits: 1 | References: 1

Prion
added 2022/06/02 2:15 p.m. | 11 views

Cross-site request forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index...

CVSS 6.8 | AI score 8.8 | EPSS 0.00141
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/06/01 2:31 p.m. | 10 views

CVE-2020-20971

Cross-Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index...

AI score 8.9 | EPSS 0.00141
Exploits: 1 | References: 1

CNVD
added 2022/05/31 12:0 a.m. | 11 views

CSCMS Music Portal System SQL Injection Vulnerability (CNVD-2022-45400)

CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology (CSCMS) Company. CSCMS Music Portal System suffers from a SQL injection vulnerability that originates from the lack of validation of the id parameter in /admin.php/singer/admin/singer/del fo...

CVSS 7.2 | AI score 8.2 | EPSS 0.00255
Exploits: 1 | References: 1

CNVD
added 2022/05/31 12:0 a.m. | 15 views

Piwigo SQL Injection Vulnerability (CNVD-2022-43223)

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A SQL injection vulnerability exists in Piwigo version 11.5.0, which stems from a lack of validation of the id parameter in admin.php...

CVSS 8.8 | AI score 8.2 | EPSS 0.00279
Exploits: 1 | References: 1

NVD
added 2022/05/26 2:15 p.m. | 7 views

CVE-2022-29687

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/leveldel...

CVSS 7.2 | EPSS 0.00255
Exploits: 1 | References: 1

NVD
added 2022/05/26 2:15 p.m. | 7 views

CVE-2022-29667

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos...

CVSS 8.8 | EPSS 0.00239
Exploits: 1 | References: 1

Prion
added 2022/05/26 2:15 p.m. | 9 views

SQL injection

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del...

CVSS 6.5 | AI score 7.2 | EPSS 0.00255
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2022/05/26 2:15 p.m. | 10 views

SQL injection

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan...

CVSS 6.5 | AI score 7.2 | EPSS 0.00255
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2022/05/26 2:15 p.m. | 7 views

SQL injection

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan...

CVSS 6.5 | AI score 7.2 | EPSS 0.00255
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2022/05/26 2:15 p.m. | 10 views

SQL injection

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save...

CVSS 6.5 | AI score 7.2 | EPSS 0.00255
Exploits: 1 | References: 1 | Affected Software: 1